ποΈ SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed multiple security flaw in the onpremise version of SysAid IT support software that could be exploited to achieve preauthenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE20252775, CVE20252776, and CVE20252777, have all been described as XML External Entity XXE injections, which occur when an attacker is.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Security Service Edge SSE platforms have become the goto architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there's a problem they stop short of where the most sensitive user activity actually happensthe browser. This isnt a small omission. Its a structural.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zeroday as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE202529824, a privilege escalation flaw in the Common Log File System CLFS driver. It was patched by.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a malicious package on the Python Package Index PyPI repository that masquerades as a seemingly harmless Discordrelated utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times and continues to be available on the opensource registry.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A federal jury on Tuesday decided that NSO Group must pay Metaowned WhatsApp WhatsApp approximately 168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally. WhatsApp originally filed the lawsuit against NSO Group in 2019,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π¨ UK pioneering global move away from passwords π¨
π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
Government to roll out passkey technology across digital services as an alternative to SMSbased verification.π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
π¨ UK critical systems at increased risk from 'digital divide' created by AI threats π¨
π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
New report warns that organisations unable to defend AIenabled threats are exposed to greater cyber risk.π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
National Cyber Security Centre - NCSC.GOV.UK
UK critical systems at increased risk from 'digital divide' created by AI threats
New report warns that organisations unable to defend AI-enabled threats are exposed to greater cyber risk.
π Toll road scams are in overdrive: Hereβs how to protect yourself π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Have you received a text message about an unpaid road toll? Make sure youre not the next victim of a smishing scam.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
Toll road text scams are in overdrive: Hereβs what to look out for
Have you received a text message about an unpaid road toll? Youβre not alone. Make sure youβre not the next victim of a smishing scam.
π Passkeys Set to Protect GOV.UK Accounts Against Cyber-Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The UK government has announced that it will be replace its current SMS verification system with passkeys by the end of 2025.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Passkeys Set to Protect GOV.UK Accounts Against Cyber-Attacks
The UK government has announced that it will be replace its current SMS verification system with passkeys by the end of 2025
π€1
π NSO Group Hit with $168m Fine for WhatsApp Pegasus Spyware Abuse π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Israeli spyware maker must pay 444,719 in compensatory damages to Meta and 167.25m in punitive damages.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
NSO Group Hit with $168m Fine for WhatsApp Pegasus Spyware Abuse
The Israeli spyware maker must pay $444,719 in compensatory damages to Meta and $167.25m in punitive damages
π1
π UK Government Warns Retail Attacks Must Serve as a βWake-up Callβ π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
UK government minister Pat McFadden said during CYBERUK that the incidents affecting MS, Coop and Harrods show that cybersecurity is a necessity.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Government Warns Retail Attacks Must Serve as a βWake-up Callβ
UK government minister Pat McFadden said during CYBERUK that the incidents affecting M&S, Co-op and Harrods show that cybersecurity is a necessity
π UK Cyber Insurance Claims Second Highest on Record π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Marsh says ransomware drove cyber insurance claims to second highest on record in 2024.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Cyber Insurance Claims Second Highest on Record
Marsh says ransomware drove cyber insurance claims to second highest on record in 2024
π Talent Shortages Bite as 80% of UK Firms Hit with AI Threats π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Half of UK firms have over 10 cyber positions unfilled, according to Cisco.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Talent Shortages Bite as 80% of UK Firms Hit with AI Threats
Half of UK firms have over 10 cyber positions unfilled, according to Cisco
π Why Businesses Switch Cybersecurity Providers (And Lessons They Learn) π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Most teams dont plan to replace their MDR, SOCaaS, or MSSP provider. It usually happens after monthssometimes yearsof frustrations stacking up missed alerts, vague reports, poor communication, and the slow realization that their cybersecurity provider simply isnt improving. Weve worked with dozens of teams in this exact situation. Some had just experienced a security breach The post Why Businesses Switch Cybersecurity Providers And Lessons They Learn appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
How to Switch Cybersecurity Providers: A Practical Guide for 2025
Thinking about replacing your security provider? Learn to avoid costly mistakes, spot red flags, and switch smoothly
π How to Secure Your Google Meeting Tool Against Unauthorized AI Bots π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Integrating a meeting tool like a chatbot into Google Meet can significantly enhance productivity by automating tasks like transcriptions, scheduling, and notetaking. However, security concerns arise when granting AI tools access to sensitive discussions and data. Unauthorized access, data leaks, and AI misuse are potential risks that organizations must address. By carefully configuring your chatbots The post How to Secure Your Google Meeting Tool Against Unauthorized AI Bots appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
How to Secure Your Google Meeting Tool
Protect your Google meeting tool from unauthorized AI bots with these security best practices. Learn how to restrict access, manage permissions, and enhance privacy settings to keep your meetings secure.
π¨ Preparing for post-quantum threat will make "fixing the Millennium Bug look easy" π¨
π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
NCSC's CTO urges organisations to recognise decadelong, nationalscale technology change required to prepare for the postquantum threat.π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
www.ncsc.gov.uk
Preparing for post-quantum threat will make
NCSC's CTO urges organisations to recognise βdecade-long, national-scale technology changeβ required to prepare for the post-quantum threat.
π DDoS-for-Hire Network Dismantled in International Operation π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A prolific DDoSforhire network has been dismantled by Polish authorities as part of a coordinated international crackdown.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
DDoS-for-Hire Network Dismantled in International Operation
A prolific DDoS-for-hire network has been dismantled by Polish authorities as part of a coordinated international crackdown
π "Nationally Significant" Cyber-Attacks Have Doubled, UKβs NCSC Reports π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
NCSC CEO Richard Horne said the cyber agency has managed twice as many nationally significant cyber incidents in the period from September 2024 to May 2025.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
"Nationally Significant" Cyber-Attacks Have Doubled, UKβs NCSC Reports
NCSC CEO Richard Horne said the cyber agency has managed twice as many nationally significant cyber incidents in the period from September 2024 to May 2025
π Inferno Drainer Returns, Stealing Millions from Crypto Wallets π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Inferno Drainer returns, stealing millions from crypto wallets through phishing on Discord.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Inferno Drainer Returns, Stealing Millions from Crypto Wallets
Inferno Drainer returns, stealing millions from crypto wallets through phishing on Discord
π΅οΈββοΈ "Bring Your Own Installer" Attack Targets SentinelOne EDR π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
'Bring Your Own Installer' Attack Targets SentinelOne EDR
Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.
π΅οΈββοΈ Play Ransomware Group Used Windows Zero-Day π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Previously, Microsoft reported that Storm2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Play Ransomware Group Used Windows Zero-Day
Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.